UnrealIRCd
There is a root process running UnrealIRCd.
I could also see that the 0.0.0.0:6697 socket was up and listening for connections, which is likely the said process above.
daemon@lame:/$ nc 127.0.0.1 6697
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
:irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
:irc.Metasploitable.LAN 451 exit :You have not registered
error :Closing Link: [127.0.0.1] (Ping timeout)
I was able to connect to it locally using Netcat.
daemon@lame:/$ /usr/bin/unrealircd -v
bash: /usr/bin/unrealircd: Permission denied
daemon@lame:/$ find / -name *unrealirc* -ls -type f 2>/dev/null
344955 1364 -rwx------ 1 root root 1389596 May 20 2012 /usr/bin/unrealircd
Although I am unable to enumerate the version, I believe that it is likely vulnerable as everything in this system is old.
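From the defender's side, the finding earlier in this section (a root-owned daemon listening on 0.0.0.0:6697) can be audited across every listener on a host. The script below is an added example, not part of the original notes; it parses the text of `ss -H -tlnp` and `ps -eo pid=,user=`, and the sample data, PIDs and function name are constructed for illustration.

```shell
#!/bin/sh
# Flag TCP listeners that are bound to every interface AND owned by root.
# Inputs are the text of `ss -H -tlnp` and `ps -eo pid=,user=`.

# Constructed sample data (not captured from the host in these notes).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:6697 0.0.0.0:* users:(("unrealircd",pid=5432,fd=3))
LISTEN 0 50 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=4100,fd=10))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=4800,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=4200,fd=4))'
SAMPLE_PS=' 4100 mysql
 4200 root
 4800 www-data
 5432 root'

root_wildcard_listeners() {
  # $1 = ss output, $2 = ps output; prints "port program pid" per finding.
  { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } | awk '
    $0 == "---" { in_ss = 1; next }          # separator between the two inputs
    !in_ss      { owner[$1] = $2; next }     # ps section: pid -> user table
    $1 == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)      # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
      # Loopback-only and single-address listeners are out of scope here.
      if (host != "0.0.0.0" && host != "*" && host != "[::]") next
      # Process column looks like users:(("name",pid=N,fd=M)); it is absent
      # when ss lacks the privilege to see the owner, so skip those rows.
      if (match($0, /\(\("[^"]+",pid=[0-9]+/) == 0) next
      proc = substr($0, RSTART + 3, RLENGTH - 3)
      name = proc; sub(/".*/, "", name)
      pid  = proc; sub(/.*pid=/, "", pid)
      if (owner[pid] == "root") print port, name, pid
    }
  '
}

root_wildcard_listeners "$SAMPLE_SS" "$SAMPLE_PS"
```

On a live host, run it as root so `ss` can report the owning process: `root_wildcard_listeners "$(ss -H -tlnp)" "$(ps -eo pid=,user=)"`.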
Vulnerability
┌──(kali㉿kali)-[~/archive/htb/labs/lame]
└─$ searchsploit UnrealIRCd
------------------------------------------------------------------ ---------------------------------
Exploit Title | Path
------------------------------------------------------------------ ---------------------------------
UnrealIRCd 3.2.8.1 - Backdoor Command Execution (Metasploit) | linux/remote/16922.rb
UnrealIRCd 3.2.8.1 - Local Configuration Stack Overflow | windows/dos/18011.txt
UnrealIRCd 3.2.8.1 - Remote Downloader/Execute | linux/remote/13853.pl
UnrealIRCd 3.x - Remote Denial of Service | windows/dos/27407.pl
------------------------------------------------------------------ ---------------------------------
Shellcodes: No Results
Papers: No Results
I will [[Lame_Privilege_Escalation_3#CVE-2010-2075|try]] a few well-known exploits against it.